Vulnerabilities > CVE-2022-32174 - Unspecified vulnerability in Gogs

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2022-10-11

Updated: 2024-11-21

Summary

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

Part	Description	Count
Application	Gogs Gogs Gogs 0.6.5 Gogs Gogs 0.6.9 Gogs Gogs 0.6.15 Gogs Gogs 0.7.0 Gogs Gogs 0.7.6 Gogs Gogs 0.7.19 Gogs Gogs 0.7.22 Gogs Gogs 0.7.33 Gogs Gogs 0.8.0 Gogs Gogs 0.8.10 Gogs Gogs 0.8.25 Gogs Gogs 0.8.43 Gogs Gogs 0.9.0 Gogs Gogs 0.9.13 Gogs Gogs 0.9.46 Gogs Gogs 0.9.48 Gogs Gogs 0.9.60 Gogs Gogs 0.9.71 Gogs Gogs 0.9.97 Gogs Gogs 0.9.113 Gogs Gogs 0.9.128 Gogs Gogs 0.9.141 Gogs Gogs 0.10 Gogs Gogs 0.10.1 Gogs Gogs 0.10.8 Gogs Gogs 0.10.18 Gogs Gogs 0.11 Gogs Gogs 0.11.4 Gogs Gogs 0.11.19 Gogs Gogs 0.11.29 Gogs Gogs 0.11.33 Gogs Gogs 0.11.34 Gogs Gogs 0.11.43 Gogs Gogs 0.11.53 Gogs Gogs 0.11.66 Gogs Gogs 0.11.79 Gogs Gogs 0.11.82.1218 Gogs Gogs 0.11.86 Gogs Gogs 0.11.91 Gogs Gogs 0.12 Gogs Gogs 0.12.2 Gogs Gogs 0.12.3 Gogs Gogs 0.12.4 Gogs Gogs 0.12.5 Gogs Gogs 0.12.6 Gogs Gogs 0.12.7 Gogs Gogs 0.12.8 Gogs Gogs 0.12.9 Gogs Gogs 0.12.10	55